How to build the ultimate Ubuntu/Lighttpd/PHP/MySQL server, and keep it running
Add some basic aliases to speed up things
Now that you’re logged in, it’s time to add some aliases. These are shortcuts for command sequences. They are useful because you will have to type some long commands many times in the next few weeks :). Type
nano ~/.bashrc
Scroll all the way down, ignoring all the text you see. Add the following lines to the file.
alias free="free -m"
alias update="sudo aptitude update"
alias install="sudo aptitude install"
alias upgrade="sudo aptitude safe-upgrade"
alias remove="sudo aptitude remove"
alias l2r="sudo /etc/init.d/lighttpd restart"
Save the file and quit nano. Type
source ~/.bashrc
Now that you have reloaded the bashrc file, the aliases are working! I’ll explain the first one now, the rest will be explained throughout the tutorial.
Learn how ‘free -m’ works
When you type ‘free’, the command ‘free -m’ will be executed. Do this now
free
To make things simple, only look at the ‘buffers/cache’ and ‘swap’ lines, which show something like
-/+ buffers/cache: 28 332
Swap: 511 0 511
This means that there is currently 28 MB of memory used and 332 MB free. No swap is used. A common mistake is to look at the first line and go out crying that all the available memory has been used. Don’t do this, ignore the first ‘Mem:’ line.
It’s a good thing to check the memory use from time to time, and to learn from your server’s response to configuration file changes.
Update OS, install essential applications
OK, well, we’re almost done setting up our workspace. We still need to update your system. Ubuntu uses a package manager to make updating easier. To use it, you first need to update the list of available packages
sudo aptitude update
You could also enter ‘update’, since we defined the alias in the bashrc file (scroll up and check it).
Before we actually upgrade your system, you need to define a locale. I recommend using a standard English locale. The English language won’t hurt you, and since most documentation is in English, you don’t have to translate menu options etc.
sudo locale-gen en_GB.UTF-8
sudo /usr/sbin/update-locale LANG=en_GB.UTF-8
Now update the system
sudo aptitude safe-upgrade
As the name suggests, the safe-upgrade is safe. There’s also a full-upgrade, which you can run after the safe-upgrade if you want; the name safe-upgrade doesn’t mean that the full-upgrade is unsafe. If you are curious about the differences, more info about safe-upgrade and full-upgrade is in the Ubuntu documentation. You don’t need to read it, so if you don’t want to read the manual, just go on with the guide here.
After upgrading all packages, you’ll need some basic things
sudo aptitude install build-essential
It’s also a good thing to install wget, sooner or later you’ll need it anyways and it’s very small
sudo aptitude install wget
(would be great if you left one too!)
Nicely written how-to.
I’ve scheduled a server reinstall for this Friday, and was trying to decide between Fedora 10 and Ubuntu. You’ve just made up my mind with this great walk-through, so look forward to ‘pimping my server’! :)
Since I run a large (10,000 user) phpBB forum on my server, I’ll also look at xcache from your Twitter too…
Ubuntu will be great. First I wanted to use Gentoo (best desktop linux distro imo) on my server, but after seeing that Ubuntu ‘just works’, without looking after it every day, which is exactly what a server has to do, I chose Ubuntu (and never regretted it).
And maybe you already thought of this, but make sure you don’t forget to make backups of the forum before the reinstall! It sounds quite stupid, but even big sites like dpreview.com lose things because of bad backups (ok, they maybe had just bad luck with a failing raid setup)…
And about xcache, it’s quite great :). I think I’m going to add a guide about it in a month or so (maybe earlier, but I’ve got some difficult exams this month, so don’t know how much spare time I’ll have – it’s also not that hard to install, I think you’ll manage to do it with the guides that are available atm).
My server is currently running Gentoo, albeit a heavily-modified-by-the-hosting-company edition, which sadly doesn’t work very well…
I had to heavily tweak the MySQLd and Apache2 setup – and it’s now running the site stably, but does freeze every now and again and they seem to have crippled a lot of the extensions/dependencies within Gentoo, so other software (service monitors, etc) just refuse to install.
I will backup the forum ;) At 10gb of files + 1gb DB, it’s a little too big to forget! Shame on any Admins who don’t regularly backup their sites – let alone check they have everything before wiping the server!!
Good luck with the exams.
After applying the changes to the ssh config I get the following error message when trying to connect with putty:
Disconnected: No supported authentication methods available
Any idea?
Eric:
Sorry! At first I was typing a guide in which you authenticated to SSH with a special file. Now I see I forgot to remove one line from a black box.
In ‘/etc/ssh/sshd_config’ you have to either remove
PasswordAuthentication no
or set it to ‘yes’.
One problem though may be getting into your box now.. I can’t tell you how to do this if I don’t know your exact situation, but most of the times you can login through a web based terminal, which is provided by your host.
Again, sorry for the hassle, but thanks for your comment!
I’m updating the guide now!
EDIT: Guide updated. I also removed the line “UsePAM no”. You can also set it to yes, or remove it from your sshd_config
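A pre-flight check for the lockout discussed in this exchange, as an added example that is not part of the original guide or its comments: it reads the values sshd would use for PasswordAuthentication and PubkeyAuthentication and fails when neither a password nor an installed key could log in. The function names and the sample files are assumptions, and Match blocks, Include files and keyboard-interactive/PAM logins are not considered.

```bash
# Added example. `sshd -t` only validates syntax; it does not notice that a
# config leaves no way to log in, which is what this check looks for.

# effective_value FILE KEYWORD DEFAULT -> value sshd would use.
# sshd_config keywords are case-insensitive and the first occurrence wins.
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { sub(/=/, " ") }                    # accept "Keyword=value" as well
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# check_lockout CONFIG AUTHORIZED_KEYS -> 0 if at least one login method remains
check_lockout() {
    local cfg=$1 keys=$2 pw pk
    pw=$(effective_value "$cfg" PasswordAuthentication yes)
    pk=$(effective_value "$cfg" PubkeyAuthentication yes)
    if [ "$pw" = yes ]; then
        echo "ok: password login is enabled"; return 0
    fi
    if [ "$pk" = yes ] && [ -s "$keys" ]; then
        echo "ok: key login is enabled and $keys is not empty"; return 0
    fi
    echo "LOCKOUT RISK: PasswordAuthentication=$pw PubkeyAuthentication=$pk, no key installed" >&2
    return 1
}

# Constructed sample: the two lines the guide originally shipped, no key installed.
demo_dir=$(mktemp -d)
printf 'Port 22\nPasswordAuthentication no\nUsePAM no\n' > "$demo_dir/sshd_config"
: > "$demo_dir/authorized_keys"
check_lockout "$demo_dir/sshd_config" "$demo_dir/authorized_keys" \
    || echo "do not restart sshd with this config"
```

Run it against the edited file before restarting sshd, and keep the current SSH session open until a second login has succeeded.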
Thanks for updating it. Actually I figured it out myself ;-)
Now I’m stuck here:
iptables-restore < /etc/iptables.test.rules
Bad argument `DROP’
np, thanks for leaving the comment! Even though you figured it out by yourself, I really appreciate the comment. It helps me improve the guide.
But ok, now to your question. I think the problem lies with the ` before DROP. Look at the rules you want to implement in IPTables. There should be DROP somewhere (CTRL+W is search in Nano). You should replace the ` before it into a ‘ (I don’t know how you call those things, sorry, I mean the regular ‘ below ” on your keyboard).
Also, you have to type sudo before the line (I forgot to mention that in the guide, will update it now).
I hope this solves the problem, if not, don’t hesitate to comment again!
Thanks for the fast answer!
There’s no ` before the DROP in the textfile:
-A LINWIZ-INPUT -s 127.0.0.0/8 -j DROP
Since I don’t do it exactly the same way I don’t need to sudo anyway ;-)
since iptables-restore doesn’t work I’ll go for a script version of the iptables rules.
can you suggest the rc-update command so I have all important runlevels covered?
will “update-rc.d firewall defaults” do it?
I think you might find the apostrophe problems is actually WordPress… It tries to be clever and do curly quotes, but obviously not code with code is involved..
Glad others have found the problems before me… lol
Not sure if it helps others, but on previous servers, I’ve actually used two programs to look after the IPTables/Firewall: APF (Advanced Policy Firewall) and backed up with BFD (Brute Force Detection).
How-To guide for APF:
http://www.webhostgear.com/61_print.html
Then BFD (you need to install APF first):
http://www.webhostgear.com/60_print.html
Once running, it will look after your server, email you when someone tries to hack into your server with all their details, but don’t worry – it’s already blocked them on the firewall… :)
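The curly-quote problem raised in this comment can be checked for before a pasted rules or config file is loaded. This is an added example, not part of the original guide or comments; the function names and the sample file are assumptions. It reports lines containing typographic quotes or dashes and rewrites only the quotes, because a typographic dash may have replaced either `-` or `--` and cannot be mapped back safely.

```bash
# Added example: detect blog-mangled punctuation in a pasted config file.
# Characters are matched as raw UTF-8 bytes so the check does not depend on locale.

# find_smart_punct FILE -> prints "lineno:text" for every affected line;
# exit status 0 if something was found, 1 if the file is clean.
find_smart_punct() {
    LC_ALL=C grep -a -n -F \
        -e "$(printf '\342\200\230')" -e "$(printf '\342\200\231')" \
        -e "$(printf '\342\200\234')" -e "$(printf '\342\200\235')" \
        -e "$(printf '\342\200\223')" -e "$(printf '\342\200\224')" \
        -- "$1"
}

# normalize_quotes FILE -> writes FILE to stdout with curly single/double
# quotes replaced by ASCII ' and ". Dashes are left for manual review.
normalize_quotes() {
    LC_ALL=C sed \
        -e "s/$(printf '\342\200\230')/'/g" -e "s/$(printf '\342\200\231')/'/g" \
        -e "s/$(printf '\342\200\234')/\"/g" -e "s/$(printf '\342\200\235')/\"/g" \
        "$1"
}

# Constructed sample: one clean iptables rule and one lighttpd line with
# curly double quotes (U+201C / U+201D), as they appear after copy and paste.
sample=$(mktemp)
printf '%s\n' '-A LINWIZ-INPUT -s 127.0.0.0/8 -j DROP' > "$sample"
printf 'simple-vhost.default-host = \342\200\234domain.tld\342\200\235\n' >> "$sample"

if find_smart_punct "$sample"; then
    echo "typographic characters found; with quotes normalised:"
    normalize_quotes "$sample"
fi
```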
thanks, will have a look at it.
by the way, mysql doesn’t work with the server this way. you have to install php-mysql additionally for making it work!
eric: Thanks for pointing that out! Also sorry for forgetting things, but you (I’m not implying that you don’t) have to understand that there will always be a few errors in a brand new guide (even though I tried to write down almost exactly how I setup the server this site is running on).
And by pointing that out you also helped me remember that I was going to add something about PHP modules like GD.
(I’ll try to look into your problem tomorrow btw, have to sleep now)
andi: Thanks for the links!
all: excuse me for using both apt-get and aptitude, as I’m used to Gentoo’s emerge I don’t exactly know which of the two is better….
Since most ‘powered by’ website nowadays needs GD and SQL, if you could add these to the guide – that would be great!
I’ll be needing to get both of those tonight ;)
Added a small part about installing GD, it’s quite easy actually: most important thing is restarting Lighttpd after installing it. The php5-mysql module is also added to the guide (which is indeed crucial to get mysql running).
Brilliant, thank you!
Looks like the Mrs. has vetoed me playing with Ubuntu tonight, but she’s out tomorrow night, so rescheduled for Saturday! Haha..
Just completed my server re-install, with a massive help (and thanks) to this guide.
All went pretty well apart from a little bit of ‘fun’ trying to get lighttpd working. In the end, I setup simple-vhosts which once configured made it all a doddle!!
It’s 3 simple lines in the config:
simple-vhost.server-root = "/home/USER/web/"
simple-vhost.default-host = "domain.tld"
simple-vhost.document-root = "/"
Then add
"mod_simple_vhost",
in your server.modules string in the config too.
Then all I need to do is create a new folder in /home/USER/web for the domain I want to add and place the www files in there. No need to touch the config!
So to add eg google.com, I would:
cd /home/USER/web
mkdir google.com
sudo ln -s google.com www.google.com
The last part I make a symbolic link from www. to the directory so both work.
—– do you know how to make the www. always work via the simple-vhosts bit? Would be nice not to have to do the symlink each time.
In the guide there are a couple of ‘sudo’ bits missing – but the command line will tell you if you don’t have the rights ;)
*sigh*
All was working well early this morning when I went to bed (4:30am!).
Got up at 8am and checked – yup, site still up, so went out for the day.
I’ve had a raft of messages saying the site has been really slow, sometimes unavailable, or missing pictures (gifs mostly)…
I’ve tried disabling the image caching (thinking it may affect the gif icons on a forum) and tried it with both xcache enabled and disabled. Also looked at server tweaks for lighttpd… Nothing seems to help :(
I’m at a loss at what to do now. I’m sure the issue is in the config, somewhere….. where to start?
Update: (Haha, whose blog is this? lol)
I didn’t do anything with the server last night – I was too tired. It was misbehaving and wasn’t responding, wouldn’t show gifs, css… (I’m talking about its web-servery-ness. As an actual machine it runs fine, but serving webpages, mostly php, is its purpose).
This morning?
Running like a peach. Didn’t do anything.
I like it when things get fixed by me – not by themselves!!
Sorry, but you use sudo way too often and restart lighttpd way too often. You don’t need to be root to edit a file in your home directory and after installing a PHP module, you don’t need to restart lighttpd, it’s enough to kill the PHP FastCGI server by running
sudo killall php.fcgi
(or something similar, depends on the name of the PHP process).
Question from a complete Linux Newbie: I’m following this guide along with a brand-new Ubuntu 8.04 LTS image on Linode. When I get to the part where I’m implementing the aliases and I enter “sudo source ~/.bashrc” I get a “sudo: source: command not found” error.
Can anyone tell me what this means? I didn’t find any thing terribly helpful when I searched. I’m reluctant to experiment – I shot my last attempt at Linux that way.
Thanks!
Never mind, I think I stumbled across it right after I posted. I did a simple “source .bashrc” and it seemed to work just fine.
[...] got the first ubuntu box pretty much set up thanks to a nice tutorial from nanoTux. Of course I skipped the http server portion as well as the PHP and got Java installed. No real [...]
Great howto, but I have problems setting up MySQL. These are the error messages I get:
Starting MySQL database server mysqld [fail]
invoke-rc.d: initscript mysql, action "start" failed.
dpkg: error processing mysql-server-5.0 (--configure):
subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of mysql-server:
mysql-server depends on mysql-server-5.0; however:
Package mysql-server-5.0 is not configured yet.
dpkg: error processing mysql-server (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
mysql-server-5.0
mysql-server
Any idea what to do about this?
yours,
Erik
Erik: Hmmm… Kinda strange. Could you do the following:
sudo aptitude update
sudo aptitude remove mysql-server-5.0
sudo aptitude remove mysql-server
and then
sudo aptitude install php5-mysql
sudo aptitude install mysql-server mysql-client
sudo aptitude install libmysqlclient15-dev
mysql_secure_installation
If the error persists, please give me the full output of the last commands in a pastebin: http://pastebin.com/ (don’t paste them here, just link to the pastebin)
got a small issue, as soon as I add:
fastcgi.server = ( ".php" => ((
"bin-path" => "/path/to/php-cgi",
"socket" => "/tmp/php.socket"
)))
I can’t access my site (either index.html or info.php). removing that solves the problem.
Any ideas?
Thanks
I fixed it, on Ubuntu 8.10 the “/path/to/php-cgi” needs to be replaced with “/usr/bin/php-cgi”
The standard hardy install of lighttpd includes mechanisms to enable and disable configuration files. Fastcgi is already included.
/etc/lighttpd/conf-available/README contains instructions and you can enable/disable modules from the commandline without the need to edit the config file.
I only used your HowTo to install lighttpd and php, so I’ve not read all of it. Otherwise, thanks for this HowTo, covers it nicely.
Hi!
I don’t know if that is possible, but I’m trying to test the mail server on my local machine… I have Google Apps in one domain of mine, and I’m trying to use that, but when I try to send emails from there, I get the following on the msmtp.log file:
Fev 09 15:21:00 host=smtp.gmail.com tls=on auth=on user=dejamps@domain.net from=dejamps@domain.net recipients=eber.freitas@gmail_domain.com errormsg=’cannot set X509 trust file /home/eber/.certs/ThawtePremiumServerCA.crt for TLS Session: Error while reading file.’ exitcode=EX_NOINPUT
My server log file says the following:
msmtp: cannot set X509 trust file /home/eber/.certs/ThawtePremiumServerCA.crt for TLS Session: Error while reading file.
msmtp: could not send mail (account default from /etc/msmtprc)
Is that only ’cause I’m running it locally or is there anything wrong with the certificates and so on? Thank you!
Hey! I fixed it!
I’ve run the following:
——————————————
sudo aptitude install ca-certificates
sudo update-ca-certificates
sudo vim /etc/msmtprc
tls_trust_file /etc/ssl/certs/ca-certificates.crt
l2r
——————————————
Now the mail server is running perfectly :)
How about installing and configuring Ruby/Rails?
Hi
The link to IPTables is not working – do you have an alternative link?
thanks
@Adam: Thanks for your reply! The site seems down indeed.
You can use
http://easyfwgen.morizot.net/gen/index.php
in the meantime. It’s maybe even better than the original link I posted. Make sure you choose “Allow Inbound Services” and “Specify a custom port range”, insert your SSH port there and declick the SSH option. Big chance that you also have to choose “Static IP” and fill in your server’s IP address.
@Kevin: Installing will be quite easy through the package manager (apt-get or aptitude). Configuring is too complicated to explain in a comment, but there’s a chance that I make a post about it sometime soon (depends on my spare time).
I setup a server very similar to this, however I was using Apache 2.2 rather than Lighttpd, next time I plan to build a server from scratch, I will try using Lighttpd that way you have here.
Great guide, thanks.
I’m getting ‘opening errorlog …. failed: Permission denied’
To fix, edit the lighttpd.conf entry for virtual hosts and instead of ‘server.errorlog’ , I believe it should be:
‘errorlog.filename’ .
Great guide; thanks for posting; I’ll be trying it out in the next few days.
Thanks NanoTux! It took me a while to set up (my first server) but everything works great now! Thanks for the tutorial.
Awesome guide I just got it working on my laptop thanks :D
Dear Admin,
Great walk through tutorial. I had already installed Ubuntu 8.04 server onto my web server along with the Apache, MySql, and PHP packages. After reading your tutorial, do I need to reinstall Ubuntu and start from scratch if I want to setup the lighttpd?
Thanks for the guide. This has been my goto for a while now to remind me what all I need to do when setting up a new server. Even a couple of years later it works great with minor modifications and additions (Debian, using RSA pubkey authentication for ssh, denyhosts, one or two other little things). I’ve finally realized I do this often enough that I’m going to just write a shell script to set up servers for me, but I wanted to thank you for the work. It’s been really useful.